[
https://issues.apache.org/jira/browse/KNOX-2547?focusedWorklogId=565474&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-565474
]
ASF GitHub Bot logged work on KNOX-2547:
----------------------------------------
Author: ASF GitHub Bot
Created on: 12/Mar/21 19:29
Start Date: 12/Mar/21 19:29
Worklog Time Spent: 10m
Work Description: pzampino opened a new pull request #410:
URL: https://github.com/apache/knox/pull/410
…on last
## What changes were proposed in this pull request?
Moved token signature verification to be performed after all other token
validations. I've also increased the signature verification cache maximum to
250 and added the explicit removal of signature verification records for
expired tokens.
## How was this patch tested?
Added
AbstractJWTFilterTest#testExpiredTokensEvictedFromSignatureVerificationCache()
to validate the explicit eviction of expired tokens' signature verification.
Ran all other existing tests.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 565474)
Remaining Estimate: 0h
Time Spent: 10m
> Token-based providers should perform signature verification last
> ----------------------------------------------------------------
>
> Key: KNOX-2547
> URL: https://issues.apache.org/jira/browse/KNOX-2547
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Affects Versions: 1.5.0
> Reporter: Philip Zampino
> Assignee: Philip Zampino
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The signature verification should be performed after all other token
> validations succeed, since it is by far the most expensive of all the
> validations.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
